Question

Josephine worked part-time, in substantially the same position, for two nursing homes—St. Pats and West End Villa. She asked West End Villa for significant accommodations and provided a medical note indicating that she could not perform a large majority of her duties there. While investigating her accommodation request, West End Villa contacted St. Pats, asking for information on Josephine’s attendance and work restrictions. St Pats responded, and also sent them a copy of the medical note Josephine had previously provided to St. Pats indicating that she could perform all of the duties of her job without accommodation. Upon finding out about this unauthorized disclosure of her medical information, Josephine—a unionized employee—filed a grievance against St. Pats, seeking monetary damages for breach of her privacy. St. Pats responded that while the disclosure was not permitted under the collective agreement, the information it sent to West End Villa was innocuous since the medical note did not contain any actual diagnosis. In fact, it referred to an absence of medical restrictions.

Is the employer, St Pats, liable for breach of privacy in these circumstances?

Answer 1

Privacy is the discretionary concept in the legal system and the society.

The legal system has set up provisions for the non-transmission of personal data and sensitive data.

The authorities and companies should take into account the privacy issues of the consumers. In many cases, the companies transfer the data to the third party. It raises privacy issues and concerns in the minds of the customers. For instance, if the consumers enter the credit card information on Amazon, the company should keep in mind that it does not disclose this sensitive data to any third or external party. It is because the companies should not breach the trust of the consumers.

Moreover, the companies also mention the privacy clause in the terms and conditions of the contract. In the current scenario, the two hospitals at St. Pats and West Ends should not disclose the employees' medical information. Josephine simultaneously works at both the places. The employee has sent two different medical certificates at two different places.

It is the responsibility of the company to check the data at its end. Any hospital cannot ask the other hospital for the personal information of the employees. Moreover, the contract also mentioned that there should be no disclosure of any information. Hence, St Pats is liable for the breach of contra. It is because no reason can justify sharing the employees' personal or sensitive data.